The Latest

  • MongoDB serious bug ‘mongobleed’

    MongoDB’s CTO Jim Scharf writes a straightforward post outlining how the bug was found and how the fix was built and rolled out. Bravo for a great response and timeline.

    The vulnerability was discovered internally by MongoDB Security Engineering as part of our proactive and continuously evolving security program. Over the last several years, we have increased our investment in people, processes, and technology to analyse and improve our codebase continuously. This work is ongoing, and discoveries like this reinforce the importance of sustained focus in this area.

    Kudos to them for finding, reporting, and fixing this very serious bug with the level of transparency they did. My big complaint is how poorly the severity of this bug was communicated. See this post on Stanislav Kozlovski’s Big Data Stream blog:

    It allows an attacker to read off any uninitialized heap memory, meaning anything that was allocated to memory from a previous database operation could be read.

    The bug was introduced in 2017. It is dead-easy to exploit – it only requires connectivity to the database (no auth needed). It is fixed as of writing, but some EOL versions (3.6, 4.0, 4.2) will not get it.

    Being clear about how bad a bug is helps users and administrators understand how to prioritize fixing it.
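    What “read off any uninitialized heap memory” looks like in code, as an added illustration that is not MongoDB’s code and not the actual mongobleed defect: a handler trusts a caller-supplied length and sends back more bytes than it wrote, so stale data left on the heap by an earlier operation rides along in the response. The tiny arena allocator, the sample record, the payload and all function names are constructed for this example; the hardened version beside it returns only the bytes it actually produced and zeroes the buffer first.

```c
/*
 * Added example (not MongoDB's code): a generic uninitialized-heap-read bug
 * of the class described above, beside a hardened version. A tiny bump
 * allocator stands in for the real heap so the leak is deterministic and
 * runs offline.
 */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define ARENA_SIZE 256
static unsigned char arena[ARENA_SIZE];   /* constructed stand-in for the process heap */
static size_t arena_top = 0;

/* Hands out memory without clearing it, which is what malloc() does when it
 * reuses a freed chunk. */
static void *arena_alloc(size_t n) {
    if (n > ARENA_SIZE - arena_top) return NULL;
    void *p = arena + arena_top;
    arena_top += n;
    return p;
}

/* Models freeing everything: the bytes stay in place, only the bookkeeping resets. */
static void arena_free_all(void) { arena_top = 0; }

/* A previous "database operation" that handled sensitive data and released it. */
void previous_operation(void) {
    const char record[] = "user=admin;pass=hunter2";   /* constructed sample record */
    char *buf = arena_alloc(64);
    memcpy(buf, record, sizeof record);
    arena_free_all();                                  /* record is now stale heap data */
}

/* VULNERABLE: trusts the caller-supplied declared length. Only payload_len
 * bytes are written, but declared_len bytes are sent back, so the remainder
 * is whatever the previous operation left behind on the heap. */
size_t vulnerable_response(const unsigned char *payload, size_t payload_len,
                           size_t declared_len, unsigned char *out) {
    unsigned char *buf = arena_alloc(declared_len);
    if (!buf) return 0;
    memcpy(buf, payload, payload_len);      /* partial fill */
    memcpy(out, buf, declared_len);         /* over-read of uninitialized bytes */
    return declared_len;
}

/* FIXED: reject inconsistent lengths, initialise the buffer, and never hand
 * back more bytes than were actually produced. */
size_t fixed_response(const unsigned char *payload, size_t payload_len,
                      size_t declared_len, unsigned char *out) {
    if (payload_len > declared_len) return 0;   /* inconsistent lengths: reject */
    unsigned char *buf = arena_alloc(declared_len);
    if (!buf) return 0;
    memset(buf, 0, declared_len);               /* initialise before use */
    memcpy(buf, payload, payload_len);
    memcpy(out, buf, payload_len);              /* return only the bytes written */
    return payload_len;
}

/* Does the returned buffer contain the stale secret? 1 = yes, 0 = no. */
int leaks_secret(const unsigned char *buf, size_t len, const char *secret) {
    size_t slen = strlen(secret);
    for (size_t i = 0; i + slen <= len; i++)
        if (memcmp(buf + i, secret, slen) == 0) return 1;
    return 0;
}

int main(void) {
    const unsigned char payload[] = "ping";   /* constructed: the client's short message */
    unsigned char out[64];

    previous_operation();
    size_t n = vulnerable_response(payload, 4, 64, out);
    printf("vulnerable: %zu bytes returned, secret leaked: %s\n",
           n, leaks_secret(out, n, "hunter2") ? "yes" : "no");

    arena_free_all();                       /* fresh allocation over the same stale bytes */
    previous_operation();
    n = fixed_response(payload, 4, 64, out);
    printf("fixed: %zu bytes returned, secret leaked: %s\n",
           n, leaks_secret(out, n, "hunter2") ? "yes" : "no");
    return 0;
}
```

    The point the example makes is the one the post above makes: the attacker needs nothing more than a connection and a message whose declared length exceeds what the server actually fills in, and the response carries back whatever earlier operations left in that memory.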

  • Armis Acquired by ServiceNow

    ServiceNow is acquiring Armis for $7.75 billion in cash. Surprising but not surprising. ServiceNow always felt like its asset discovery was pretty poor; hopefully this improves its ability to build and maintain a proper CMDB in the long term. What is interesting for Armis is that it was trying to be not just asset discovery but also some vulnerability management. Will this get it there faster?

    SANTA CLARA, Calif.–(BUSINESS WIRE)– ServiceNow (NYSE: NOW), the AI control tower for business reinvention, today entered into an agreement to acquire Armis for $7.75 billion in cash. Armis, a leader in cyber exposure management and cyber-physical security, manages cyber risk across the full attack surface in IT, operational technology (OT), medical devices, and other environments for companies, governments, and critical infrastructure worldwide. The acquisition will expand ServiceNow’s security workflow offerings and advance AI-native, proactive cybersecurity and vulnerability response across all connected devices. Together, ServiceNow and Armis will create a unified, end-to-end security exposure and operations stack that can see, decide, and act across the entire technology footprint by connecting real-time asset discovery, threat intelligence, and risk prioritization with automated remediation and response workflows.

  • Hello world!

    Our first post. We’re just collecting our thoughts! Check back soon.